Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e87f4aac9007406685d0e98e47e91d10424d8560fa8020511718ce7c03c9f2ce
-
Size
1.4MB
-
Sample
230801-kawtdsee67
-
MD5
4bc71907f53b250dfda873e4cebf7b67
-
SHA1
45fbaa6a08a1744a0e68009d5348cf16c90b981d
-
SHA256
e87f4aac9007406685d0e98e47e91d10424d8560fa8020511718ce7c03c9f2ce
-
SHA512
bac81ab2f8948ee3f3ca0b70c3e8823d877a2cf28b8a8efadf18aee03b5e35df530dd404dfae32a1a4ddaadf39662a92c43abf574f4bca3e79282b99376c6304
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Malware Config
Targets
-
-
Target
e87f4aac9007406685d0e98e47e91d10424d8560fa8020511718ce7c03c9f2ce
-
Size
1.4MB
-
MD5
4bc71907f53b250dfda873e4cebf7b67
-
SHA1
45fbaa6a08a1744a0e68009d5348cf16c90b981d
-
SHA256
e87f4aac9007406685d0e98e47e91d10424d8560fa8020511718ce7c03c9f2ce
-
SHA512
bac81ab2f8948ee3f3ca0b70c3e8823d877a2cf28b8a8efadf18aee03b5e35df530dd404dfae32a1a4ddaadf39662a92c43abf574f4bca3e79282b99376c6304
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Score10/10-
Modifies WinLogon for persistence
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1